
Password storage

Just out of curiosity, which is safer: storing hashed/encrypted passwords in a database or a txt file?

I've been looking into writing a flat file script. Alternatively, I was wondering if it would be safe to create a file called config.php, chmod it to 666 and from the control panel 'build' the file contents and write it to the config.php file -- or edit it manually.

Not only will it be more secure but it will be more efficient and more dynamic. If you stored it in a txt file you would have to iterate through every line until you found the specific user. With a DB it utilizes (generally) a binary search and will, in most cases, find it faster and with fewer resources.

Beyond that, security is huge. Even with storing in a database you should still hash the passwords to protect both your site and your users. I would recommend using the SHA-2 hashing function as things like SHA-1 and MD5 can be cracked.


I agree, but FYI, all three of those can be cracked, even SHA-2 can be cracked. They are all one-way hash based encryption routines, and even though they are a "one-way" (meaning they cannot be un-encrypted back to original) hash encryption they can be brute forced using a comparison hacking program like Jack the Ripper or another such program. All can be hacked if you can get the encrypted version to compare against. "Quoted from Applied Cryptography by Bruce Schneier"

So in short they are harder to crack but can still be cracked. But for better security do it the way we just stated man. Security is the key.
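
The replies above note that a stolen hash can be guessed offline by comparison. As an added example (not code from any poster in this thread), the PHP below contrasts a bare SHA-256 digest with PHP's built-in password_hash() and password_verify(), which add a per-password salt and a deliberately slow work factor. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example; names and sample data are constructed, not from the thread.

// Bare SHA-2 as suggested in the thread: fast and unsalted.
function fast_hash(string $password): string
{
    return hash('sha256', $password);
}

// password_hash() picks a random salt per call and stores the algorithm,
// cost and salt inside the returned string.
function slow_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login; flag hashes created with older parameters for upgrade.
function check_login(string $password, string $stored): array
{
    $ok = password_verify($password, $stored);
    return [
        'ok'     => $ok,
        'rehash' => $ok && password_needs_rehash($stored, PASSWORD_DEFAULT),
    ];
}

// Time $n calls of a hashing function, in seconds.
function time_hashes(callable $fn, int $n): float
{
    $start = microtime(true);
    for ($i = 0; $i < $n; $i++) {
        $fn('guess' . $i);
    }
    return microtime(true) - $start;
}

// Constructed sample: two users who chose the same password.
$pw = 'correct horse battery staple';
// Unsalted: both rows hold the same digest, so one guess tests every row.
var_dump(fast_hash($pw) === fast_hash($pw));
// Salted: the same password produces two different stored strings.
$alice = slow_hash($pw);
$bob   = slow_hash($pw);
var_dump($alice === $bob);
var_dump(check_login($pw, $alice)['ok'], check_login('wrong', $alice)['ok']);
// Cost per guess: the slow hash makes each comparison attempt expensive.
printf("sha256: %.4fs  password_hash: %.4fs (20 calls each)\n",
    time_hashes('fast_hash', 20), time_hashes('slow_hash', 20));
```

The string returned by password_hash() is what goes in the database column or flat file; nothing else needs to be stored alongside it for verification.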